Configuration and Code Reviews

Many security vulnerabilities can be found in how IT systems such as networks, servers, gateways and applications are configured or coded. InteliSecure’s team of infrastructure experts review and assess these systems to help ensure they are properly configured to inhibit an individual or group from easily accessing the inner workings of your IT environment. We are able to provide configuration review services for all of the areas listed below.

Configuration Reviews may include

  • Open TCP and UDP ports
  • Service permissions
  • Operating system and third party software patch level
  • User accounts (Local and Group)
  • Security policies (Local and Group)
  • Network shares and permissions
  • Available network interfaces
  • Storage mechanism of password (are they stored securely), including cached credentials and password history and policy
  • Antivirus products installed, configured correctly and kept up to date
  • Host-based IDS/IPS/Firewalls

Application Code Reviews check for:

  • Presence of developer test code/files (not removed)
  • Obfuscation
  • Session handling
  • Input validation
  • Parameter & variable checking
  • Cookie parameters and hidden fields (if applicable)
  • Read/write call to files (permission checks)